Sample viewer

vx.netlux.org/Virus.DOS.TSC.714

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:22.248674976Z 47 PC: 12a69 | Get disk transfer address
2018-12-17T22:09:22.255259176Z 26 PC: 12a7b | Set disk transfer address
2018-12-17T22:09:22.256262805Z 44 PC: 12a7f | Get time
0x12a7f: mov word ptr [si + 0x388], dx
0x12a83: mov ah, 0x4e
0x12a85: mov cx, 3
0x12a88: mov dx, 0x382
0x12a8b: add dx, si
0x12a8d: int 0x21
0x12a8f: jb 0x12a98
0x12a91: mov bx, 0x19c
0x12a94: add bx, si
0x12a96: jmp bx
0x12a98: cmp byte ptr [si + 0x2a3], 2
0x12a9d: je 0x12ab9
0x12a9f: mov byte ptr [si + 0x2a3], 2
0x12aa4: nop
0x12aa5: mov ah, 0x3d
0x12aa7: mov al, 2
0x12aa9: mov dx, 0x2a4
0x12aac: add dx, si
0x12aae: int 0x21
0x12ab0: jb 0x12ab9
2018-12-17T22:09:22.258401401Z 78 PC: 12a8f | Find first file
2018-12-17T22:09:22.264676049Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.271962264Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.27654671Z 61 PC: 12b12 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:09:22.283591998Z 63 PC: 12b22 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:22.289954645Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:09:22.291522619Z 66 PC: 12b52 | Move file pointer
2018-12-17T22:09:22.293134586Z 64 PC: 12b5e | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:22.296459586Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:09:22.297898349Z 64 PC: 12b76 | Write file or device (Write 714 bytes on handle 5)
2018-12-17T22:09:22.312668097Z 62 PC: 12b7a | Close file
2018-12-17T22:09:22.321629544Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.331255911Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.334031167Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.34021556Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.344838351Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.354129339Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.357793786Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.368350044Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.377899255Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.389038281Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.39189395Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.397595285Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.409322381Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.419054083Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.421646438Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.427308391Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.43691439Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.450122937Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.453007057Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.459050257Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.464123538Z 61 PC: 12b12 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:09:22.471405459Z 63 PC: 12b22 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:22.477951973Z 66 PC: 12b3a | Move file pointer
2018-12-17T22:09:22.479359047Z 66 PC: 12b52 | Move file pointer
2018-12-17T22:09:22.480700264Z 64 PC: 12b5e | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:09:22.483944448Z 66 PC: 12b6a | Move file pointer
2018-12-17T22:09:22.485356712Z 64 PC: 12b76 | Write file or device (Write 714 bytes on handle 5)
2018-12-17T22:09:22.493950192Z 62 PC: 12b7a | Close file
2018-12-17T22:09:22.502838944Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.515859375Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.518421682Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.524676752Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.530200668Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.539965721Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.543774071Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.549200024Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.558824526Z 61 PC: 12b12 | Open file (Filename = 'TEST.COM')
2018-12-17T22:09:22.571461751Z 63 PC: 12b22 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:09:22.579851758Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.590105546Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.593724022Z 61 PC: 12ab0 | Open file (Filename = 'c:\command.com')
2018-12-17T22:09:22.600810165Z 67 PC: 12ae6 | Get or set file attributes
2018-12-17T22:09:22.606729429Z 67 PC: 12af7 | Get or set file attributes
2018-12-17T22:09:22.612363244Z 61 PC: 12b12 | Open file (Filename = 'TEST.COM')
2018-12-17T22:09:22.619626783Z 63 PC: 12b22 | Read file or device (Read 4 bytes on handle 7)
2018-12-17T22:09:22.622625237Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:09:22.635310869Z 79 PC: 12a8f | Find next file
2018-12-17T22:09:22.638321356Z 9 PC: 12ba1 | Display string (String= ' Este fichero ha sido infectado por el TSC virus. Usas mucho el ordenador, no si dejar que sigas con el. Voy a pensarlo un momento. ')
2018-12-17T22:09:25.364843509Z 9 PC: 12bda | Display string (String= ' Lo siento, he decidido que no. ')